A Comprehensive Guide to Nigeria’s Data Privacy Laws

by Michael Olorunwumi
0 comment
Data privacy laws

According to Dr Roger Clarke, a Professor of Computer Science who came on a visit to the Australian National University, there are four things worth protecting in life. They are a person, his communication, behaviour, and data.

Based on this, data privacy remains a crucial subject nationally, sub-nationally, and internationally. Hence, some policies and acts were established, such as the Nigeria Communications Commission Act 2003, and the Freedom of Information Act 2013.

Unfortunately, these acts do not fully cover, protect, and widely discuss the collection of personal information, collation, and handling. That is why the Data Privacy Protection Bill 2015 was passed.

You will think Nigerians care less about their data and private information like home address, family details, phone number, mail address, etc., not until you read this to the end. Come with me.

What is Data Privacy?

Data privacy refers to your control over personal information and how it’s handled by organizations. It’s crucial because it ensures your sensitive information remains safe and secure from misuse or unauthorized access.

Data Privacy Laws in Nigeria

The latest computing devices and the internet have made room for easy access to one’s information, such that little pieces can be gathered to know the whole information of a user. Modern computers now track and document one’s bank transactions, medical appointments, diagnoses, plane flights, and educational history.

Aside from that, in the corporate world, private and commercial organizations request workers’ info for many reasons. That is why the NITDA’s (National Information Technology Development Agency) Nigerian Data Protection Regulations (NDPR) in 2019, along with its issued implementation framework in this same year, was overruled on 12th June 2023, shortly after the inauguration of President Bola Ahmed Tinubu.

The overruling bill and Act remain the Nigeria Data Protection Bill 2023, passed into law to create a legal framework. It is called the Nigeria Data Protection Act 2023 (also known as “NDPA” or “the Act”).

Aside from those mentioned above, several general legislations also influenced data protection, like the 1999 amended constitution of the Federal Republic of Nigeria, the Child Rights Act 2003, and the Cybercrimes (Prohibition, Protection) Act 2015, The Freedom of Information Act 2011, the National Health Act 2014, and the HIV and AIDS (Anti-Discrimination) Act 2014.

The Nigeria Data Protection Bill 2023 has some important definitions that you need to know before we dive into the bill shortly:

  1. Personal data

This refers to an individual’s information that is identifiable either directly or indirectly through location data, identification number, an online identifier, or name, in line with the cultural, physical, genetic, social, psychological, or economic identity of the individual.

  1. Processing

This is any information or personal data that is perused either by automated or physical means but not processed or inclusive beyond data originating outside Nigeria.

  1. Controller

This is an individual or a group of organizations, public commissions, agencies, or any similar one who jointly or solely determines the use and process of collected data of individuals.

  1. Data subject

It is the piece of information that belongs to a specific identifiable individual.

  1. Processor

It is an individual, public authority, or private entity that processes info by the directive of another Data Processor or a Data Controller.

Read also: Navigating Data Security: Tips For Nigerians in a Data-Driven World.

The Data Protection Act

The Data Protection Act established by the Nigeria Data Protection Commission (NDPC), which is responsible for enforcing compliance with the law. The NDPC has the authority to investigate complaints, conduct audits, and impose violation penalties.

Organizations found in breach of the Act may face significant fines, sanctions, or even criminal prosecution, depending on the severity of the violation.

Key Provisions of the Data Protection Act

Below are key provisions of the Data Protection Act;

  • Consent: Organizations must obtain explicit consent from individuals before collecting or processing their data. Consent should be freely given, specific, informed, and unambiguous.
  • Purpose limitation: Data can only be collected for specified, explicit, and legitimate purposes. It cannot be further processed in a manner incompatible with these purposes.
  • Data minimization: Organizations should only collect the minimum personal data necessary for the intended purpose. Unnecessary data collection is prohibited.
  • Data security: Measures must be in place to ensure the protection and confidentiality of personal data, protecting it from unauthorized access, disclosure, alteration, or destruction.
  • Data subject rights: Individuals have various rights under the Act, including access to their data, request corrections, object to processing, and data erasure under certain circumstances.
  • Data transfer: Transfers of personal data outside Nigeria are subject to restrictions to ensure adequate data protection.

Read also: What is Database Security? Here’s All You Need to Know

Compliance Requirements

To comply with the Data Protection Act, organizations must undertake various measures including:

  • Implementing data protection policies and procedures and appointing a Data Protection Officer (DPO) responsible to ensure compliance.
  • Conducting regular data protection impact assessments
  • Providing training to staff on data protection principles and practices impacts businesses.

While ensuring compliance with data privacy laws may require initial investment and effort, it can yield significant benefits for businesses. Organizations can enhance trust, mitigate risks, and avoid costly penalties by demonstrating a commitment to protecting customer data.

Join our Whatsapp Community to participate in insightful conversations on various topics ranging from career to technology, Lifestyle and others. 

Frequently Asked Questions

How do data privacy laws help?

Data privacy laws, like Nigeria’s Data Protection Act, set rules to ensure that your data is handled responsibly by businesses and organizations.

What does the Nigeria Data Protection Act cover?

It covers various aspects of data privacy, including consent, data security, and individual rights regarding personal information.

What is meant by “data minimization”?

Data minimization means that organizations only collect the necessary amount of personal data for a specific purpose, reducing the risk of unnecessary exposure.

Who enforces data privacy laws in Nigeria?

The Nigeria Data Protection Commission (NDPC) is responsible for enforcing compliance with data privacy laws in the country.

What are the consequences of violating data privacy laws?

Violations can result in penalties, fines, or even criminal prosecution, depending on the severity of the breach.

Do I have control over my personal data under data privacy laws?

Yes, data privacy laws empower you with rights such as the right to access data, request corrections, or even have data erased under certain conditions.

Can organizations collect my data without my consent?

No, organizations must obtain your explicit consent before collecting or processing personal data under data privacy laws.

How can businesses ensure compliance with data privacy laws?

By implementing data protection policies, appointing a Data Protection Officer, and providing staff training on data privacy principles and practices.

Are there restrictions on transferring personal data outside Nigeria?

Yes, transfers of personal data are subject to restrictions to ensure that data is adequately protected even when it leaves the country.

What should I do if I suspect a breach of my data privacy?

You can report it to the Nigeria Data Protection Commission for investigation and potential enforcement action.

How can I protect my data privacy online?

You can protect data by using strong, unique passwords, being cautious about sharing personal information online, and using security measures like two-factor authentication.

Can I access my personal data held by organizations?

Yes, data privacy laws grant you the right to access personal data held by organizations and request a copy of it.

Can I request the deletion of my personal data?

Yes, under certain circumstances, you have the right to request the deletion of your personal data held by organizations.

What steps can I take if I feel my data privacy rights have been violated?

You can file a complaint with the Nigeria Data Protection Commission, which will investigate the matter and take appropriate action if necessary.

Do data privacy laws apply to all types of organizations?

Yes, data privacy laws apply to all organizations, regardless of size or industry, that collect and process personal data.

How can I stay informed about changes in data privacy laws?

You can stay informed by following updates from the Nigeria Data Protection Commission and reputable sources specializing in data privacy news.

Are there penalties for organizations that fail to comply with data privacy laws?

Yes, organizations that fail to comply may face penalties, fines, or other sanctions imposed by the regulatory authorities.

What role do individuals play in ensuring data privacy?

Individuals play a crucial role by being aware of their rights, exercising caution when sharing personal information, and advocating for more robust data privacy protections.

Read also: A Full Guide on how to Become a Database Administrator.


Data privacy is a fundamental right in Nigeria, enshrined in the Data Protection Act 2023. By adhering to the provisions of this law, organizations can foster a culture of respect for individuals’ privacy rights while maintaining trust and confidence in the digital ecosystem. 

Compliance with data privacy laws is not only a legal requirement but also a moral imperative in today’s interconnected world.

Subscribe to our newsletter to receive notifications of other insightful articles like this in your inbox.

Edited by Oluwanifemi Akintomide.

About Author

Avatar of Michael Olorunwumi
Michael Olorunwumi
Michael Olorunwumi, is a final year student at the University of Ibadan, studying English language and Education. He is an SEO content writer, spoken word artiste, poet, Kampala textile designer, and rapper.

You may also like

Leave a Comment

× Say hi
Update Required Flash plugin